Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1773
Views
0
Helpful
1
Replies

Is cisco AMP support integration with SIEM?

RafikWassef
Level 1
Level 1

‎09-15-2021 01:50 PM

Is Cisco security support integration with any SIEM solution, if yes please update me with more details

1 person had this problem
0 Helpful
1 Reply 1

Ken Stieers
VIP
VIP

‎09-15-2021 02:07 PM

Various SEIM products have ways to get events from AMP, but AMP can't push the events.

Logrhythm has a beat for their Open Collector to pull AMP events into the SEIM via the API. (its all based on elastic beats)
I think Splunk and QRadar both have something similar. Here's Cisco Doc for splunk
https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/215973-amp-for-endpoints-integration-with-splun.html

You may find some useful info and options in SecureX (dashboards/orchestration/incident managment/automated actions, etc.)

0 Helpful
Customers Also Viewed These Support Documents